Audacity denies spyware claims, but users have had enough anyway

(Image credit: Audacity)

The parent company of audio editor Audacity has denied allegations that a recent privacy policy update will allow the program to be used as spyware.

Under the new policy, Audacity will collect information such as OS version, CPU type, error codes and the location of the user. The document also states that Muse Group, owner of Audacity, will collect “data necessary for law enforcement, litigation and authorities’ requests”.

The changes provoked outrage among members of the community, who believe the new privacy policy runs counter to the philosophies and ambitions of the open source movement.

Speaking to the BBC, Muse Group sought to allay these concerns and clarify the reasons for the policy update.

“We don’t know anything about our users,” said Daniel Ray, Head of Strategy at Muse Group. “We don’t want users’ personal information - that doesn’t help us.”

According to Ray, the changes were designed to allow the company to notify users of planned updates to Audacity, which will supposedly now take place every few weeks.

“If you don’t have ways of informing users about updates they might miss, then you put the burden on the user to keep up with the pace of change,” he explained.

Ray attributed the confusion to the fact the policy was “written by lawyers, to be understood by lawyers rather than the average person”, although this will be cold comfort for users’ concerned about data privacy.

Audacity controversy

Ever since Muse Group acquired Audacity earlier this year, relations between the company and the open source community have been strained.

First, the software firm had to backtrack on plans to introduce an option to collect telemetry data after a backlash from contributors. The company put the incident down to an error of communication.

Later, Muse Group ruffled feathers with a new Contributor License Agreement (CLA) for Audacity, which contributors were required to sign if they wanted to continue to work on the project. This new agreement also stipulated that Muse Group must be given unrestricted rights to all contributions.

A significant portion of the community felt the new CLA compromised the values of the open source ecosystem, built around the concepts of transparency and collaboration, by allowing Muse Group to use code submitted by contributors in other non-open source projects.

Despite Ray’s assurances, it appears the privacy policy change was the final straw for many. Already, members of the community have created forks of the audio software, using Audacity code as the backbone.

As reported by The Register, a yet-to-be named project published by GitHub user cookieengineer effectively rolls back Audacity to a build that preceded the controversial changes. The code can be made to compile but, lacking the polish of the original, is not yet accessible for non-technical users.

Joel Khalili
News and Features Editor

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.